Updated on 7 July 2022
Purpose of the website
The objective of website is to disseminate the views and outcomes realised in the work of the Joint Action Towards the European Health Data Space (TEHDAS) project. The website contains news, articles, blogs, publications, descriptions of the project and other similar content.
Right of use
Sitra holds the ownership rights of the material and content found on the TEHDAS.eu website, with the exception of material produced by third parties, for which Sitra only holds a right of use. The copyrights and other rights to these types of texts, images and other third-party materials found on this website belong to the producers or registration holders of said materials.
Sitra reserves all rights to use the registered trademark “Sitra” and other equivalent intellectual property. Use of these rights shall always require the advance written consent of Sitra.
Exemption from liability
Texts found on this website contain the personal thoughts and opinions of authors. They are not the official opinions of the organisations represented by these authors. The authors are personally responsible for the content of their texts.
Under no circumstances shall Sitra be held liable for any indirect or incidental damages or damages that may arise from the use of or confidence in the information and material presented. Sitra shall also not be held liable for any damages caused by an interruption of website use or an inability to access the pages.
The TEHDAS.eu website contains web communities maintained by the project partners as well as links to websites owned or maintained by third parties. By accessing these linked websites, the user hereby agrees to the fact that these pages are not under the control of Sitra, nor does Sitra have any possibility of influencing the content of materials created or published on them. The linked websites may also be subject to terms restricting use, which must be read before using the website. Sitra is in no way responsible for the material contained on third-party websites.
What information do we collect about the users of the website and why?
Sitra collects information about the users of its website through Matomo Analytics and Siteimprove services and cookies.
With the help of the cookies, Matomo Analytics and Siteimprove, general statistical information is collected on website use for improving the service. Such information includes the number of visitors, the user’s country, time spend using the website, the browser used, the content accessed by the visitor and the website from which the visitor accessed the service. An individual user is identified using the data stored in Matomo and Siteimprove, but the data cannot be used to connect the individual to a natural person.
For more information on Matomo Analytics, please visit matomo.org. You can find more information on Siteimprove at siteimprove.com. You can refuse the collection of data by adjusting your cookie settings from the link at the bottom of this page.
Possible changes and the applicable law
Controller of the register:
Sitra, the Finnish Innovation Fund (business ID 0202132-3)
Contact person in matters concerning the register:
Sitra, the Finnish Innovation Fund
Address: Itämerenkatu 11-13, PO Box 160, FI-00181 Helsinki
Tel: +358 294 618 991
Data Protection Officer:
2 Name of the register
TEHDAS Stakeholder Open Call
3 Purpose of personal data processing
The Joint Action Towards the European Health Data Space (TEHDAS) is inviting stakeholders to join the project. TEHDAS has opened a Stakeholder Open Call to involve the stakeholders from Europe in the project. Sitra shall process personal data for the purposes of selecting experts for the group or forum and arrangements concerning events, workshops and meetings.
Sitra shall also process personal data in connection with other communication targeted at interest groups and collaboration partners, such as surveys, informing and reporting (e.g. newsletters), calls for ideas, as well as providing information on them and marketing them to the target audience.
4 Legal basis for personal data processing
Sitra processes personal data based on consent.
5 Data content of the register (processed personal data categories)
The register contains the following personal data about stakeholders. The data in section (a) to (d) are collected about all data subjects and the data in sections (e) to (g) are collected when necessary.
(a) The person’s (data subject’s) basic data, such as name, telephone number, e-mail address,
(b) Data on the person’s (data subject’s) work and position, such as title, education, place of work (organisation) and job title,
(c) Data on the person’s (data subject’s) professional knowledge, skills and networks,
(d) Data on the person’s (data subject’s) consents to the data processing,
(e) Direct marketing permissions and prohibitions expressed by the person (data subject).
(f) Data related to communication between the data subject and Sitra, such as subscriptions to newsletters and other lists, registration for and participation in events and meetings, as well as any correspondence that may be necessary for maintaining the interest group relationship.
In addition to the above-mentioned personal data, the register may contain the following personal data on persons (data subjects) who use Sitra’s information systems that require identification.
(g) Transactions in electronic information systems for a restricted period of time (opened page/file, time stamp, user ID and IP address).
6 Regular data sources
Personal data shall be collected from the data subject.
7 Personal data retention period
The collected data shall be retained only for the duration and to the extent necessary for the original or compatible purposes for which the data was compiled.
In addition, the data listed below shall be retained as per the following retention periods.
(a) The basic data on the data subjects contained by the register shall be retained as long as is necessary for approval of the experts for the group or forum.
(b) Stakeholders’ (data subjects’) personal data related to the organisation of a meeting or other similar occasion organised by Sitra shall be retained for the duration project. The data on participants of meetings organised by Sitra are archived.
Sitra shall regularly assess the need to retain the data as per the internal Code of Conduct. Furthermore, Sitra shall perform all possible and required measures to ensure that such personal data that are inaccurate, erroneous or outdated for the purposes of processing are deleted or corrected without delay.
8 Recipients of personal data (recipient categories) and the regular disclosure of data
The personal data contained in the register shall be disclosed to third persons or organisations as follows.
Disclosing personal data to TEHDAS Competent Authorities (26). In TEHDAS joint action there are three types of Competent Authorities: 14 countries are represented by their ministry of health, 8 countries by their national health institutions and the rest by either regional agencies or other type of public bodies. Personal data may be disclosed for the purpose of reviewing and selecting the stakeholders, communication purposes and for work related to different Forums and Groups during TEHDAS Joint Action.
Bunderministerium für Arbeit, Soziales, Gesundheit und Konsumentenschutz (ATNA), Austria
Ministerstvo na Zdraveopazvaneto (MoH-BG), Bulgaria
Hrvatski Zavod za Zdravstveno Osiguranje HZZO (CHIF), Croatia
Ministry of Health of the Republic of Cyprus (MoH-CY), Cyprus
Ministerstvo Zdravotnictvi Ceske Republiky (MZCR), Czech Republic
Region Midtjylland (RM), Denmark
Sotsiaalministeerium – Estonian Ministry of Social Affairs (MoSA), Estonia
Plateforme des données de santé (FR-HDH), France
Bundesministerium für Gesundheit (BMG), Germany
Dioikisi 6is Ygeionomikis Perifereias Peloponnisou Ionion Nyson Ipeirou Kai Dytikis Elladas (6th Y. PE.), Greece
OKFŐ Országos Kórház Főigazgatóságba, National Healthcare Service Center (AEEK), Hungary
Department of Health (DoH-IE), Ireland
Ministero Della Salute (MINSAL), Italy
Lietuvos Reespublikos Sveikatos Apsaugos Ministerija (SAM-LT), Lithuania
Ministry for Health – Government of Malta (DHIR), Malta
Agentia de Transplant (ATRM), Moldova
Ministerie van Volksgezondheit, Welzijn en Sport (VWS), Netherlands
The Norwegian Ministry of Health and Care Services (MoH-NO), Norway
Servicos Partilhados do Ministerio da Saude Epe (SPMS), Portugal
Institut za Zastitu Zdravlja Srbijedr Milan Jovanovic Batut (IPHS ”Batut”), Serbia
Nacionalni Institut za Javno Zdravje (NIJZ), Slovenia
Instituto Aragones de Ciencias de la Salud (IACS), Spain
E-Halsomyndigheten (SEHA), Sweden
NHS Confederation (NHSC), United Kingdom
9 Transferring data outside of the EU or the EEA
The data contained in the register may be transferred outside of the EU or the EEA. When transferring personal data, Sitra observes the model contract clauses approved by the European Commission concerning the transfer of personal data to third countries, implements other appropriate protection measures as necessary or ensures that the adequate level of data protection is guaranteed in the third country.
10 Register protection principles
Any physical data material containing personal data shall be retained in a locked facility that can only be accessed by appointed persons whose duties require access authority.
The databases containing personal data are on servers which are kept in locked facilities that can only be accessed by appointed persons whose duties require access authority. The servers are protected by an appropriate firewall and technical protection.
The databases and systems can only be accessed with separately granted personal user IDs and passwords. Sitra has restricted the access rights and the authorisations to access the data systems and other mediums in such a way that the data can only be accessed and processed by persons who are needed with regard to lawful processing. In addition, the database and system transactions are registered in the logs of Sitra’s IT systems.
Sitra’s employees and other personnel have undertaken to comply with the obligation of secrecy and to keep confidential the information they receive in connection with the personal data processing.
11 Rights of the data subject
The data subject shall have the following rights laid down in the EU’s General Data Protection Regulation.
(a) The right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
(i) the purposes of the processing;
(ii) the categories of personal data concerned;
(iii) the recipients or recipient groups to whom personal data have been disclosed or will be disclosed;
(iv) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(v) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
(vi) the right to lodge a complaint with a supervisory authority;
(vii) where the personal data are not collected from the data subject, any available information as to their source;
(viii) the existence of automatic decision-making and relevant information about the logic related to such processing, as well as the relevance of this processing and its possible consequences for the data subject.
(b) The right to cancel consent at any time without this affecting the lawfulness of the processing performed on the basis of the consent.
(c) The right to demand that the controller rectify without undue delay any inaccurate and erroneous personal data on the data subject and the right to have incomplete personal data completed.
(d) The right to obtain from the controller the erasure of the personal data concerning the data subject without undue delay in situations determined in the EU’s General Data Protection Regulation.
(e) The right to obtain from the controller restriction of processing in situations determined in the EU’s General Data Protection Regulation.
(f) The right to receive the personal data concerning him or her, which the data subject has provided to Sitra, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, if the processing is based on the consent referred to in the Regulation and the processing is carried out automatically.
(g) The right to file a complaint with the supervisory authority if the data subject considers that the processing of the personal data concerning him or her violates the EU’s General Data Protection Regulation.
Requests concerning the realization of the data subject’s rights shall be addressed to Sitra’s contact person mentioned in Section 1.